Okay, first of all, I know that there are a lot of videos and tutorials out there to help with the question I have raised. However, my case is a little different than the usual. So, basically, I am trying to build out a chat app on Django. For this I am planning to save the messages that the user wants to send in the database and then render them on screen. Now, in order to send this data to the server, I wish to use Ajax as it would prevent page reload and thus make for a much smoother UX. However, that raises an issue: how do I keep track of which room/chat the message is coming from and which user sent it? The obvious solution that comes to mind is to create a hidden field inside of my form and then pass in the room details through that hidden field. But won't that be highly insecure as the data could be subject to change, allowing users to send messages from a chat they have access to, to a chat they don't have access to? The username part can still be managed using request.user. The trouble is arising only with the tracking room details part.
Any help/ideas are welcome.
Thanks!
First of all take a look at Django Unicorn:
https://www.django-unicorn.com/
This might be the perfect fit for this kind of application.
But won't that be highly insecure as the data could be subject to change, allowing users to send messages from a chat they have access to, to a chat they don't have access to?
As Abdul Aziz Barkat already pointed out, this is true for all kinds of form submission. You have to check in your code if the user is allowed to post to/from a room and to a person. This can be done in the form's clean() method, where you can raise errors like PermissionDenied.
Edit
Response to your first comment:
You need to keep track of the permissions of the chat, e.g. which users are allowed to write in this chat and those that are allowed to read the chat.
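from django.contrib.auth.models import User
from django.db import models

class Chat(models.Model):
    # your generic chat class
    # ...
    # users allowed to post to this chat / to read it
    write = models.ManyToManyField(User, blank=True, related_name="users_write_access")
    read = models.ManyToManyField(User, blank=True, related_name="user_read_access")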
As soon as a user becomes a member of a chat add them to the write and read field.
If a user tries to send a message to a chat check if he's a member of the write list. e.g.
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404

def send_message_to_chat(request, chat_id):
    chat = get_object_or_404(Chat, pk=chat_id)
    # authorize against the stored membership list, not a value sent by the client
    if request.user not in chat.write.all():
        raise PermissionDenied("You are not allowed to write in this chat...")
    # continue with your code to send messages
Do something similar for read access. I hope this helps.
I have a django project where I want to create users, and some time later be able to send a welcome email with a link inviting them to log in and set a password.
I'm using django-allauth. I found this SO question which shows how to call allauth's password reset form, which is close to what I need, except that:
I want to send a "welcome" email, which would be worded differently.
I want it to send them to a "welcome" page, which would be different to a password reset (although perhaps operate the same way in that it uses a token etc...)
I'm thinking I could somehow hijack that, but am not sure how or where that email gets sent.
django-allauth docs mention the routes /accounts/password/set/ and /accounts/password/set/ but I can't access either without logging in first.
This is an existing project I inherited, and I do have a template for "/account/password_reset_from_key.html". Just not sure how it all gets wired together.
Has anyone done anything similar?
You mention:
...and some time later be able to send a welcome email with a link inviting them to log in and set a password.
If sometime later, then you might be interested in queues like Celery to do that for you.
Here's an approach you might take:
Listen to the save Django model signal on the User model. Send an email to a user whenever that is triggered (this will happen immediately). However, with your "some time later" thing, you then add that sending to the user to a Celery job queue for later.
Send a dynamic email with HTML. With this, you can customize the design etc. to your taste.
Hi guys, I am very new to Django and app dev and I am having trouble structuring my app.
I am creating an app to send team questionnaires. So the workflow is the following:
1) I create a team_project (Team_name)
2) Send invitations to team members using emails
3) Based on that invitation, team members sign in (creating a new user) and are directly assigned to the team created.
I have no idea how to handle that, especially part 3.
If you could give me a direction on how to do it I would really appreciate it.
Thank you very much
What you want is a common requirement, so perhaps there is already a library or solution for it.
To write the code from scratch, which is not recommended, you can define a custom URL, like example.com/join_team/some_random_looking_unique_string/.
Create a model which keeps a random string, an email, and maybe some kind of expiration policy. Read the unique string in your view, and retrieve the record associated with it. Send a form to get more details like password etc., and save the user in the database.
I also found this repo that I think does what you want:
https://github.com/bee-keeper/django-invitations
Explain more in your question, and you can get more detailed answers!
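The from-scratch approach described in this answer (a random string in the join URL, backed by a record holding the email and an expiration), as an added example that is not part of the original answer or of django-invitations. It is plain Python with a dict standing in for the Django model; the field names, the `team` field, the 7-day lifetime, the single-use flag and storing only a SHA-256 hash of the token are assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

INVITE_TTL = timedelta(days=7)  # assumed expiration policy


@dataclass
class Invitation:
    """Stand-in for the model row; field names are hypothetical."""
    email: str
    team: str
    expires_at: datetime
    used: bool = False


def _digest(token: str) -> str:
    # Store only a hash, so a leaked table does not yield usable join links.
    return hashlib.sha256(token.encode()).hexdigest()


def create_invitation(store: Dict[str, Invitation], email: str, team: str,
                      now: datetime) -> str:
    """Save the invitation and return the raw token to embed in the join URL."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    store[_digest(token)] = Invitation(email, team, now + INVITE_TTL)
    return token


def redeem_invitation(store: Dict[str, Invitation], token: str,
                      now: datetime) -> Optional[Invitation]:
    """Return the invitation if the token is known, unexpired and unused."""
    inv = store.get(_digest(token))
    if inv is None or inv.used or now >= inv.expires_at:
        return None
    inv.used = True  # single use: a replayed link is rejected
    return inv


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    db: Dict[str, Invitation] = {}  # constructed in-memory "table"
    link_token = create_invitation(db, "member@example.com", "team-a", now)
    inv = redeem_invitation(db, link_token, now)
    # Email and team come from the stored record, never from the signup form.
    print(inv.email, inv.team, redeem_invitation(db, link_token, now))
```

In a Django view, `redeem_invitation` would run before the signup form is saved, and the new user would be attached to `inv.team` rather than to any team value submitted by the browser.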
I would like to give staff the ability to manage the fields from, subject, and body when sending emails without having to edit the html file. Ideally they would be able to do this via the admin site. My thought process is:
Create email table with the requested fields
Add send_email on admin.py classes when they perform a certain action. When they do, I can get the values for sending emails by getting object from email table based on primary key.
I haven't come across any documentation to set this up and am concerned it's considered bad to do.
I'm almost certain to be missing something crucial as to why this is a terrible idea... can anyone comment on cases when this would blow up, or that it's odd but shouldn't be an issue? Most of the emails staff edit will be of static text.
Any suggestions/comments/criticism is very much appreciated.
I personally use Django DB Templates for such purpose like email editing in Admin Area.
It's simple and you can save your existing templates to DB templates table.
Hello, I want to know if there is a way to send an email to a user upon someone updating certain fields in the Django admin page. Is there a way to do this? I already have an email being sent upon the form's completion, but I need to send more emails once one of the users updates through the admin page.
I have taken a look at the post_save, model_save and save_formset methods, but I did not feel that they were what I was looking for.
Try overriding the ModelAdmin.save_model method. I think it has hooks for all the information you require.
The change variable lets you distinguish between a user adding or changing the model instance.
form.changed_data gives you a list of the names of the fields which have changed, which lets you determine whether or not to send the email.
Finally request.user identifies the user which made the changes.
You need the django.db.models.signals.post_save signal. It is sent after the model has been saved.
from django.db.models.signals import post_save
from yourapp.models import TheModel

def my_callback(sender, **kwargs):
    # Your specific logic here
    pass

post_save.connect(my_callback, sender=TheModel)
Arguments sent with this signal:
sender:
The model class.
instance:
The actual instance being saved.
created:
A boolean; True if a new record was created.
raw:
A boolean; True if the model is saved exactly as presented (i.e. when loading a fixture). One should not query/modify other records in the database as the database might not be in a consistent state yet.
So you need only callback and sender.
I am trying to hack my way through the wonderful django-registration app, and add the ability to send email invitations for the site.
The sending of invitations is trivial: the user enters an email, and the view sends an email to the recipient with a random alphanumeric sequence in the activation link.
I largely took the code from Ayman Hourieh's book on Django. The problem is that in the book Ayman develops a custom-made registration system, and then adds the variable invitation to the session. I don't know how to do it with Bennett's django-registration, so that when somebody follows the link, and performs the activation, he can become friends with the user that sent the invitation. This is crucial for me because I need the ability to track the number of users that each user drove to the site. Has anyone had experience with this problem?
Have you had a look at django-invitation? It's built on django-registration.
http://code.welldev.org/django-invitation/wiki/Home
EDIT
I haven't used it before so I don't know its exact functionality, but looking at the code, when an invitation is sent, an InvitationKey object is created which has a from_user and registrant so the functionality is there whether it's documented or not.